Computer arbitrarily shutting down

Started by Gale_Tx, March 14, 2012, 03:58:45 PM


Gale_Tx

Hi, everyone. It's been a while. This shutting down problem started happening a few weeks ago; we've had it in the shop twice and they couldn't fix it.  There's no particular time that it happens.  It will stay on forever if I let it sit there without doing anything.  If I'm watching a YouTube video or something similar, when it shuts down, I can still hear the video.  Makes me think it has something to do with the monitor perhaps?  I don't know but it's driving me crazy -- which doesn't take much. :)

Trying to follow instructions: Here are my Erunt files:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Gale at 2012-03-14 10:37:14
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 40 GB (53%) free of 76 GB
Total RAM: 2047 MB (75% free)


======Scheduled tasks folder======

C:\WINDOWS\tasks\User_Feed_Synchronization-{2C2155DD-F9E5-49C8-B53C-4CE92333E1CE}.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Gale\Application Data\Mozilla\Firefox\Profiles\zprp9nem.default

"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"=C:\Program Files\AVG\AVG2012\Firefox4\
"avg@igeared"=C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"avg@toolbar"=C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.2.0.3\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@movenetworks.com/Quantum Media Player]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=8]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIMNQMP.xpt
snapfishScript.xpt

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
npmnqmp07030901.dll
nppdf32.dll
npsnapfish.dll
unins000.dat
unins000.exe

C:\Program Files\Mozilla Firefox\searchplugins\
amazondotcom.xml
avg-secure-search.xml
bing.xml
eBay.xml
google.xml
twitter.xml
wikipedia.xml
yahoo.xml

C:\Documents and Settings\Gale\Application Data\Mozilla\Firefox\Profiles\zprp9nem.default\searchplugins\
comcast.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG2012\avgssie.dll [2011-11-11 1378144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-04-18 34304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Security Toolbar - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll [2012-03-12 1869152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-04-18 552960]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll [2012-03-12 1869152]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"AVG_TRAY"=C:\Program Files\AVG\AVG2012\avgtray.exe [2012-01-24 2416480]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2006-03-21 1191936]
"vProt"=C:\Program Files\AVG Secure Search\vprot.exe [2012-03-12 982880]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2011-02-18 2423752]

C:\Documents and Settings\Gale\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=1
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\PopCap Games\BookWorm Deluxe\BookWorm.exe"="C:\Program Files\PopCap Games\BookWorm Deluxe\BookWorm.exe:*:Disabled:BookWorm"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Support.com\bin\tgcmd.exe"="C:\Program Files\Support.com\bin\tgcmd.exe:*:Enabled:Support.com Scheduler and Command Dispatcher"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
"C:\Program Files\AVG\AVG2012\avgmfapx.exe"="C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer"
"C:\Program Files\AVG\AVG2012\avgnsx.exe"="C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield"
"C:\Program Files\AVG\AVG2012\avgdiagex.exe"="C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"vidc.iv41"=ir41_32.ax
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux3"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======List of files/folders created in the last 3 months======

2012-03-13 08:38:55 ----D---- C:\Program Files\trend micro
2012-03-13 08:34:48 ----D---- C:\Program Files\ERUNT
2012-03-13 08:25:03 ----D---- C:\Documents and Settings\Gale\Application Data\SUPERAntiSpyware.com
2012-03-13 08:25:03 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2012-03-10 11:16:08 ----N---- C:\WINDOWS\system32\iacenc.dll
2012-03-10 10:56:09 ----D---- C:\Program Files\Office Depot PC Support Agent
2012-03-09 08:55:36 ----ASH---- C:\pagefile.sys
2012-03-01 11:16:20 ----D---- C:\Program Files\MagicTune Premium
2012-02-27 16:19:20 ----D---- C:\Documents and Settings\Gale\Application Data\Leadertech
2012-02-16 02:25:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2660465$
2012-02-16 02:23:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2661637$
2012-02-15 22:40:13 ----A---- C:\WINDOWS\imsins.BAK
2012-02-15 22:35:37 ----HDC---- C:\WINDOWS\ie8
2012-02-07 14:56:13 ----D---- C:\Documents and Settings\Gale\Application Data\TuneUp Software
2012-02-07 14:55:16 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2012-02-06 22:05:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-02-06 21:21:10 ----SHD---- C:\Documents and Settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-02-04 10:12:49 ----A---- C:\WINDOWS\system32\drivers\PortTalk.sys
2012-02-03 17:00:30 ----D---- C:\Program Files\officedepot_stk_sop
2012-02-03 14:19:07 ----A---- C:\TDSSKiller.2.6.19.0_03.02.2012_13.19.07_log.txt
2012-02-02 06:01:54 ----D---- C:\WINDOWS\ie8updates
2012-01-31 19:39:18 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2012-01-31 16:56:13 ----D---- C:\Documents and Settings\Gale\Application Data\supportdotcom
2012-01-31 16:56:00 ----D---- C:\Program Files\supportdotcom
2012-01-31 16:56:00 ----D---- C:\Program Files\Common Files\supportdotcom
2012-01-31 15:28:28 ----D---- C:\Documents and Settings\Gale\Application Data\QuickScan
2012-01-31 15:27:44 ----D---- C:\temp
2012-01-31 15:26:56 ----D---- C:\Program Files\Common Files\supportsoft
2012-01-25 15:00:46 ----A---- C:\WINDOWS\system32\hidserv.dll
2012-01-25 15:00:42 ----A---- C:\WINDOWS\system32\drivers\kbdhid.sys
2012-01-24 17:20:31 ----D---- C:\Misc
2012-01-24 16:37:28 ----N---- C:\WINDOWS\system32\IJRMF.exe
2012-01-24 16:31:24 ----A---- C:\WINDOWS\TrueInstall.exe
2012-01-24 15:53:11 ----D---- C:\WINDOWS\system32\cache
2012-01-21 15:11:06 ----A---- C:\WINDOWS\system32\drivers\mouhid.sys
2012-01-21 15:11:03 ----A---- C:\WINDOWS\system32\drivers\hidusb.sys
2012-01-11 23:17:01 ----A---- C:\WINDOWS\system32\rp_stats.dat
2012-01-11 23:17:01 ----A---- C:\WINDOWS\system32\rp_rules.dat
2012-01-11 18:37:08 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2012-01-11 08:54:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2646524$
2012-01-08 23:15:28 ----DC---- C:\WINDOWS\system32\DRVSTORE
2012-01-08 23:15:15 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2012-01-08 21:22:29 ----D---- C:\Program Files\MSN
2012-01-05 12:05:48 ----D---- C:\Program Files\AVG Secure Search
2012-01-05 12:03:01 ----D---- C:\Documents and Settings\Gale\Application Data\AVG2012
2012-01-05 12:01:42 ----D---- C:\Documents and Settings\All Users\Application Data\AVG2012
2012-01-05 11:49:52 ----D---- C:\Documents and Settings\Gale\Application Data\AVG Secure Search

======List of files/folders modified in the last 3 months======

2012-03-14 10:37:16 ----D---- C:\WINDOWS\temp
2012-03-14 10:37:15 ----D---- C:\WINDOWS\Prefetch
2012-03-14 10:37:06 ----D---- C:\WINDOWS\system32\CatRoot2
2012-03-14 09:48:55 ----D---- C:\Documents and Settings\All Users\Application Data\MFAData
2012-03-14 09:48:52 ----D---- C:\WINDOWS\system32\drivers\AVG
2012-03-14 09:37:26 ----D---- C:\WINDOWS\system32\NtmsData
2012-03-13 13:04:33 ----D---- C:\Program Files\Mozilla Firefox
2012-03-13 09:06:12 ----D---- C:\WINDOWS\ERDNT
2012-03-13 08:38:55 ----RD---- C:\Program Files
2012-03-13 08:37:23 ----D---- C:\WINDOWS\system32\drivers
2012-03-13 08:26:32 ----D---- C:\Program Files\SUPERAntiSpyware
2012-03-12 11:54:24 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
2012-03-11 12:23:07 ----D---- C:\WINDOWS\system32
2012-03-11 08:59:03 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-03-11 08:57:29 ----D---- C:\WINDOWS
2012-03-10 23:43:47 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-03-10 23:43:46 ----HD---- C:\WINDOWS\inf
2012-03-10 19:29:39 ----RSD---- C:\WINDOWS\assembly
2012-03-10 19:24:57 ----D---- C:\WINDOWS\Microsoft.NET
2012-03-10 17:59:59 ----D---- C:\Program Files\Microsoft Silverlight
2012-03-10 16:53:05 ----SHD---- C:\WINDOWS\Installer
2012-03-10 16:53:00 ----D---- C:\Config.Msi
2012-03-10 16:52:10 ----D---- C:\WINDOWS\WinSxS
2012-03-10 16:41:18 ----D---- C:\Program Files\Internet Explorer
2012-03-10 16:39:34 ----D---- C:\WINDOWS\system32\CatRoot
2012-03-10 12:50:05 ----D---- C:\Program Files\Outlook Express
2012-03-10 11:12:45 ----D---- C:\WINDOWS\system32\en-us
2012-03-10 11:12:44 ----D---- C:\WINDOWS\Media
2012-03-10 11:12:44 ----D---- C:\WINDOWS\Help
2012-03-10 11:11:34 ----D---- C:\WINDOWS\system32\config
2012-03-10 11:10:58 ----D---- C:\WINDOWS\system32\wbem
2012-03-10 11:10:58 ----D---- C:\WINDOWS\Registration
2012-03-10 11:01:17 ----HD---- C:\Program Files\InstallShield Installation Information
2012-02-28 12:15:28 ----SD---- C:\WINDOWS\Tasks
2012-02-27 16:54:08 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2012-02-27 16:26:47 ----SD---- C:\WINDOWS\Downloaded Program Files
2012-02-16 02:22:02 ----HD---- C:\WINDOWS\$hf_mig$
2012-02-15 22:31:48 ----D---- C:\WINDOWS\Debug
2012-02-15 22:15:25 ----AC---- C:\WINDOWS\NeroDigital.ini
2012-02-07 16:10:32 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2012-02-07 16:10:32 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2012-02-07 16:10:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$
2012-02-07 16:10:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2012-02-07 16:10:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2012-02-07 16:10:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2012-02-07 16:10:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2423089$
2012-02-07 16:10:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2412687$
2012-02-07 16:10:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2467659$
2012-02-07 16:10:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2436673$
2012-02-07 16:10:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2479628$
2012-02-07 16:10:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2524375$
2012-02-07 16:10:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2555917$
2012-02-07 16:10:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2567680$
2012-02-07 16:10:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2567053$
2012-02-07 16:10:17 ----HDC---- C:\WINDOWS\$NtUninstallKB885884$
2012-02-07 16:10:16 ----HDC---- C:\WINDOWS\$NtUninstallKB891122$
2012-02-07 16:10:04 ----HDC---- C:\WINDOWS\$NtUninstallKB917159$
2012-02-07 16:10:00 ----HDC---- C:\WINDOWS\$NtUninstallKB923414$
2012-02-07 16:09:59 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2012-02-07 16:09:57 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$
2012-02-07 16:09:57 ----HDC---- C:\WINDOWS\$NtUninstallKB925486$
2012-02-07 16:09:56 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$
2012-02-07 16:09:54 ----HDC---- C:\WINDOWS\$NtUninstallKB931261$
2012-02-07 16:09:54 ----HDC---- C:\WINDOWS\$NtUninstallKB930178$
2012-02-07 16:09:54 ----HDC---- C:\WINDOWS\$NtUninstallKB929969$
2012-02-07 16:09:53 ----HDC---- C:\WINDOWS\$NtUninstallKB931836$
2012-02-07 16:09:52 ----HDC---- C:\WINDOWS\$NtUninstallKB933360$
2012-02-07 16:09:51 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2012-02-07 16:09:51 ----HDC---- C:\WINDOWS\$NtUninstallKB936357$
2012-02-07 16:09:50 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2012-02-07 16:09:50 ----HDC---- C:\WINDOWS\$NtUninstallKB938127$
2012-02-07 16:09:49 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2012-02-07 16:09:48 ----HDC---- C:\WINDOWS\$NtUninstallKB941693$
2012-02-07 16:09:48 ----HDC---- C:\WINDOWS\$NtUninstallKB941644$
2012-02-07 16:09:48 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2012-02-07 16:09:47 ----HDC---- C:\WINDOWS\$NtUninstallKB942763$
2012-02-07 16:09:44 ----HDC---- C:\WINDOWS\$NtUninstallKB946627$
2012-02-07 16:09:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2012-02-07 16:09:39 ----DC---- C:\WINDOWS\$NtUninstallKB952011$
2012-02-07 16:09:36 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2012-02-07 16:09:36 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2012-02-07 16:09:36 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2012-02-07 16:09:36 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2012-02-07 16:09:34 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2012-02-07 16:09:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2012-02-07 16:09:33 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2012-02-07 16:09:33 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2012-02-07 16:09:33 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2012-02-07 16:09:32 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2012-02-07 16:09:31 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2012-02-07 16:09:30 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2012-02-07 16:09:30 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2012-02-07 16:09:29 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2012-02-07 16:09:28 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2012-02-07 16:09:28 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2012-02-07 16:09:27 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2012-02-07 16:09:26 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2012-02-07 16:09:24 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2012-02-07 16:09:19 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2012-02-07 16:09:19 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2012-02-07 16:09:18 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2012-02-07 16:09:17 ----HDC---- C:\WINDOWS\$NtUninstallKB981957$
2012-02-07 16:09:17 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$
2012-02-07 16:09:17 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2012-02-07 16:09:16 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2012-02-07 16:09:16 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2012-02-07 16:09:15 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2012-02-06 22:06:40 ----D---- C:\WINDOWS\SoftwareDistribution
2012-02-03 17:05:28 ----D---- C:\Documents and Settings\All Users\Application Data\Support.com
2012-02-03 16:49:11 ----D---- C:\WINDOWS\security
2012-02-03 14:34:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-01-31 21:06:57 ----SHD---- C:\RECYCLER
2012-01-31 19:34:10 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2012-01-31 19:17:16 ----D---- C:\Documents and Settings
2012-01-31 16:56:00 ----D---- C:\Program Files\Common Files
2012-01-27 00:20:26 ----AC---- C:\WINDOWS\system32\MRT.exe
2012-01-24 16:32:27 ----D---- C:\Program Files\CyberLink DVD Solution
2012-01-24 16:10:10 ----RSD---- C:\WINDOWS\Fonts
2012-01-24 16:07:39 ----D---- C:\swsetup
2012-01-24 16:01:30 ----RASH---- C:\boot.ini
2012-01-24 16:01:30 ----AC---- C:\WINDOWS\win.ini
2012-01-24 16:01:30 ----AC---- C:\WINDOWS\system.ini
2012-01-24 16:01:28 ----D---- C:\WINDOWS\pss
2012-01-21 16:04:39 ----D---- C:\Program Files\Common Files\Adobe
2012-01-21 16:04:37 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2012-01-06 20:20:50 ----D---- C:\Program Files\Online Services
2012-01-05 12:00:08 ----D---- C:\Program Files\AVG
2012-01-05 11:11:27 ----D---- C:\Program Files\Common Files\AVG Secure Search
2012-01-05 11:02:18 ----D---- C:\Program Files\Blockbuster
2012-01-05 10:59:04 ----SD---- C:\Documents and Settings\Gale\Application Data\Microsoft
2012-01-05 10:51:21 ----D---- C:\Program Files\Shockwave.com
2011-12-18 15:46:38 ----A---- C:\WINDOWS\system32\ieframe.dll
2011-12-17 14:46:36 ----A---- C:\WINDOWS\system32\wininet.dll
2011-12-17 14:46:36 ----A---- C:\WINDOWS\system32\urlmon.dll
2011-12-17 14:46:36 ----A---- C:\WINDOWS\system32\url.dll
2011-12-17 14:46:36 ----A---- C:\WINDOWS\system32\occache.dll
2011-12-17 14:46:36 ----A---- C:\WINDOWS\system32\mstime.dll
2011-12-17 14:46:36 ----A---- C:\WINDOWS\system32\mshtmled.dll
2011-12-17 14:46:36 ----A---- C:\WINDOWS\system32\mshtml.dll
2011-12-17 14:46:36 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2011-12-17 14:46:36 ----A---- C:\WINDOWS\system32\msfeeds.dll
2011-12-17 14:46:36 ----A---- C:\WINDOWS\system32\licmgr10.dll
2011-12-17 14:46:36 ----A---- C:\WINDOWS\system32\jsproxy.dll
2011-12-17 14:46:36 ----A---- C:\WINDOWS\system32\iertutil.dll
2011-12-17 14:46:36 ----A---- C:\WINDOWS\system32\iepeers.dll
2011-12-17 14:46:36 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2011-12-16 07:23:08 ----A---- C:\WINDOWS\system32\ie4uinit.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 AVGIDSEH;AVGIDSEH; C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2006-05-16 46080]
R0 viamraid;viamraid; C:\WINDOWS\system32\DRIVERS\viamraid.sys [2004-05-18 74112]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2011-08-08 40016]
R1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2007-07-13 8413]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-01-24 4127488]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-09-29 2456064]
R3 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134608]
R3 AVGIDSFilter;AVGIDSFilter; C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
R3 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-10-27 223104]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 catchme;catchme; \??\C:\DOCUME~1\Gale\LOCALS~1\Temp\catchme.sys []
S3 epstw2k;SCM Parallel Port SCSI Driver; C:\WINDOWS\system32\DRIVERS\epstw2k.sys [2004-08-04 114944]
S3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2001-08-17 40704]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 PortTalk;PortTalk; C:\WINDOWS\System32\Drivers\PortTalk.sys [2002-01-12 3567]
S3 scsiscan;SCSI Scanner Driver; C:\WINDOWS\system32\DRIVERS\scsiscan.sys [2008-04-13 11520]
S3 ssmirrdr;ssmirrdr; C:\WINDOWS\system32\DRIVERS\ssmirrdr.sys [2011-03-15 10112]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USR1801;U.S. Robotics Faxmodem Driver 1801; C:\WINDOWS\System32\DRIVERS\USR1801.SYS [2001-08-17 794654]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-09-29 483328]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
R2 Office Depot PC Support Agent;Office Depot PC Support Agent; C:\Program Files\Office Depot PC Support Agent\esService.exe [2011-11-10 924568]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-12 918880]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
S4 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-02-25 136176]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-17 153376]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

When I downloaded the INTREGOPT - the registry thing - no logs came up.  It just wanted me to reboot my computer.

When I tried to download the Root Appeal, I get an error that says "invalid PE image found".

ANYTHING you can do to help would be very much appreciated.  TIA

Corrine

Hi, Gale.

The Log Posting Instructions have changed and since your RSIT log is incomplete, please follow the instructions below.  Note that it will likely be necessary to create more than one reply to fit all of the requested logs.

1.  Download DDS.scr by sUBs and save it to your desktop:  Link

  • Double-click dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear, DDS.txt & Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both DDS.txt and Attach.txt logs and post in your next reply.

2.  Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

3.  I see you ran TDSSKiller.  Please do not run any tools or make changes unless asked to do so.  Please post a copy of C:\TDSSKiller.2.6.19.0_03.02.2012_13.19.07_log.txt in your next reply.

4.  Let's also see an MBAM scan.

  • Launch Malwarebytes' Anti-Malware then click the Update tab and "Check for Updates"
  • Once the update has been installed and the program has loaded, select Quick scan
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:

    • Click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Please post contents of that file in your next reply.
    ** Note **

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Gale_Tx

I'm sorry, Corrine.  I thought I was doing what I was supposed to do.  Give me a while to get this done with this blankety-blank computer.

Corrine

No problem, Gale, and no guarantees that we'll find what the tech shop didn't see (although they left behind evidence of their presence which I'll point out later in case you want to remove it).


Gale_Tx

dds.txt
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_20
Run by Gale at 15:02:03 on 2012-03-14
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2047.1461 [GMT -5:00]
.
AV: AVG Anti-Virus 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Office Depot PC Support Agent\esService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\gale\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Little%20Shop%20-%20Road%20Trip/Images/stg_drm.ocx
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Little%20Shop%20-%20Road%20Trip/Images/armhelper.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{7AB98642-97D1-48AC-ACBD-000440B22126} : DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{BAD825AD-B624-4193-BBAE-E0CD28D96854} : DhcpNameServer = 24.93.41.125 24.93.41.126
TCP: Interfaces\{EE3C9EE5-A8F6-46AD-8FAE-A886AA0F77DE} : DhcpNameServer = 24.93.41.125 24.93.41.126
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.2.0\ViProtocol.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\gale\application data\mozilla\firefox\profiles\zprp9nem.default\
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff10.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff6.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff7.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff8.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff9.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmnqmp07030901.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 Office Depot PC Support Agent;Office Depot PC Support Agent;c:\program files\office depot pc support agent\esService.exe [2011-11-10 924568]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\10.2.0\ToolbarUpdater.exe [2012-3-12 918880]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 16720]
S3 epstw2k;SCM Parallel Port SCSI Driver;c:\windows\system32\drivers\epstw2k.sys [2001-8-17 114944]
S3 PortTalk;PortTalk;c:\windows\system32\drivers\PortTalk.sys [2012-2-4 3567]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [2006-7-10 11520]
S3 ssmirrdr;ssmirrdr;c:\windows\system32\drivers\ssmirrdr.sys [2011-3-15 10112]
S3 USR1801;U.S. Robotics Faxmodem Driver 1801;c:\windows\system32\drivers\USR1801.SYS [2005-7-29 794654]
S4 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-7-11 167264]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-25 136176]
S4 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
=============== Created Last 30 ================
.
2012-03-14 19:32:06   709968   ----a-w-   c:\windows\isRS-000.tmp
2012-03-13 13:38:55   --------   d-----w-   c:\program files\trend micro
2012-03-13 13:25:03   --------   d-----w-   c:\documents and settings\gale\application data\SUPERAntiSpyware.com
2012-03-13 13:25:03   --------   d-----w-   c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-03-10 16:16:08   3072   -c----w-   c:\windows\system32\dllcache\iacenc.dll
2012-03-10 16:16:08   3072   ------w-   c:\windows\system32\iacenc.dll
2012-03-10 16:10:58   --------   d-----w-   c:\windows\system32\wbem\repository\FS
2012-03-10 16:10:58   --------   d-----w-   c:\windows\system32\wbem\Repository
2012-03-10 15:56:09   --------   d-----w-   c:\program files\Office Depot PC Support Agent
2012-03-01 16:16:20   --------   d-----w-   c:\program files\MagicTune Premium
2012-02-16 03:35:37   --------   dc-h--w-   c:\windows\ie8
2012-02-15 19:34:10   134104   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
2012-02-15 19:34:08   97240   ----a-w-   c:\program files\mozilla firefox\libEGL.dll
2012-02-15 19:34:08   801752   ----a-w-   c:\program files\mozilla firefox\mozsqlite3.dll
2012-02-15 19:34:08   626688   ----a-w-   c:\program files\mozilla firefox\msvcr80.dll
2012-02-15 19:34:08   548864   ----a-w-   c:\program files\mozilla firefox\msvcp80.dll
2012-02-15 19:34:08   479232   ----a-w-   c:\program files\mozilla firefox\msvcm80.dll
2012-02-15 19:34:08   45016   ----a-w-   c:\program files\mozilla firefox\mozutils.dll
2012-02-15 19:34:08   437208   ----a-w-   c:\program files\mozilla firefox\libGLESv2.dll
2012-02-15 19:34:08   2106216   ----a-w-   c:\program files\mozilla firefox\D3DCompiler_43.dll
2012-02-15 19:34:08   1998168   ----a-w-   c:\program files\mozilla firefox\d3dx9_43.dll
2012-02-15 19:34:08   1911768   ----a-w-   c:\program files\mozilla firefox\mozjs.dll
2012-02-15 19:34:08   15832   ----a-w-   c:\program files\mozilla firefox\mozalloc.dll
.
==================== Find3M  ====================
.
2012-01-12 16:53:24   1859968   ----a-w-   c:\windows\system32\win32k.sys
2011-12-17 19:46:36   916992   ----a-w-   c:\windows\system32\wininet.dll
2011-12-17 19:46:36   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58   385024   ----a-w-   c:\windows\system32\html.iec
2007-05-10 22:26:16   767696   -c--a-w-   c:\program files\BootDisk.exe
.
============= FINISH: 15:02:46.09 ===============

Gale_Tx

attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 7/7/2006 9:10:55 AM
System Uptime: 3/14/2012 2:32:45 PM (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | 8I915PL-G
Processor:                 Intel(R) Celeron(R) CPU 3.06GHz | Socket 775 | 3081/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 39.069 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (FAT32) - 1863 GiB total, 1807.39 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: AVG miniport driver
Device ID: ROOT\GR_AVGFWMP\0000
Manufacturer: AVG Technologies
Name: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller - AVG miniport driver
PNP Device ID: ROOT\GR_AVGFWMP\0000
Service: Avgfwdx
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: AVG miniport driver
Device ID: ROOT\GR_AVGFWMP\0001
Manufacturer: AVG Technologies
Name: Realtek RTL8139 Family PCI Fast Ethernet NIC - AVG miniport driver
PNP Device ID: ROOT\GR_AVGFWMP\0001
Service: Avgfwdx
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: AVG miniport driver
Device ID: ROOT\GR_AVGFWMP\0002
Manufacturer: AVG Technologies
Name: WAN Miniport (IP) - AVG miniport driver
PNP Device ID: ROOT\GR_AVGFWMP\0002
Service: Avgfwdx
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: AVG miniport driver
Device ID: ROOT\GR_AVGFWMP\0003
Manufacturer: AVG Technologies
Name: SMC EZ Card 10/100 PCI (SMC1211TX) - AVG miniport driver
PNP Device ID: ROOT\GR_AVGFWMP\0003
Service: Avgfwdx
.
==== System Restore Points ===================
.
RP1060: 2/7/2012 1:55:43 PM - Installed TuneUp Utilities 2012
RP1061: 2/7/2012 4:24:45 PM - Removed TuneUp Utilities 2012
RP1062: 2/7/2012 4:25:03 PM - Removed TuneUp Utilities 2012
RP1063: 2/7/2012 4:26:00 PM - Removed TuneUp Utilities Language Pack (en-US)
RP1064: 2/11/2012 8:19:09 AM - System Checkpoint
RP1065: 2/12/2012 12:33:56 PM - System Checkpoint
RP1066: 2/13/2012 1:14:24 PM - System Checkpoint
RP1067: 2/14/2012 3:50:29 PM - System Checkpoint
RP1068: 2/15/2012 5:28:19 PM - System Checkpoint
RP1069: 2/15/2012 9:31:27 PM - Software Distribution Service 3.0
RP1070: 2/15/2012 9:37:18 PM - Installed Windows Internet Explorer 8.
RP1071: 2/15/2012 9:40:33 PM - Software Distribution Service 3.0
RP1072: 2/16/2012 1:21:59 AM - Software Distribution Service 3.0
RP1073: 2/18/2012 4:23:53 PM - System Checkpoint
RP1074: 2/19/2012 5:56:01 PM - System Checkpoint
RP1075: 2/22/2012 10:50:21 AM - System Checkpoint
RP1076: 2/23/2012 12:04:50 PM - System Checkpoint
RP1077: 2/24/2012 5:50:11 PM - System Checkpoint
RP1078: 2/26/2012 4:45:57 PM - System Checkpoint
RP1079: 2/27/2012 3:33:57 PM - Installed D-Link Wireless N USB Adapter DWA-130
RP1080: 2/27/2012 3:40:43 PM - Installed D-Link Wireless N USB Adapter DWA-130
RP1081: 2/28/2012 9:39:27 PM - System Checkpoint
RP1082: 3/1/2012 9:26:38 AM - System Checkpoint
RP1083: 3/1/2012 10:16:19 AM - Installed MagicTune Premium
RP1084: 3/2/2012 7:03:04 PM - System Checkpoint
RP1085: 3/3/2012 9:05:18 PM - System Checkpoint
RP1086: 3/7/2012 11:07:54 AM - System Checkpoint
RP1087: 3/8/2012 6:48:27 AM - Removed ClearType Tuning Control Panel Applet
RP1088: 3/8/2012 6:49:40 AM - Removed MagicTune Premium
RP1089: 3/8/2012 9:31:42 PM - Restore Operation
RP1090: 3/9/2012 6:35:26 PM - Restore Operation
RP1091: 3/9/2012 8:46:27 PM - Restore Operation
RP1092: 3/10/2012 9:54:08 AM - Restore Operation
RP1093: 3/10/2012 3:37:22 PM - Software Distribution Service 3.0
RP1094: 3/10/2012 11:42:08 PM - Software Distribution Service 3.0
RP1095: 3/12/2012 3:47:51 PM - System Checkpoint
RP1096: 3/14/2012 1:26:40 PM - System Checkpoint
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.0
Adobe Shockwave Player 11.6
Apple Software Update
ArcSoft PhotoStudio 5.5
ATI Display Driver
AVG 2012
Bookworm Deluxe
Bookworm Deluxe 1.13
Canon MP Navigator 3.0
Canon MP960
Canon MP960 User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint
CCleaner
ClearType Tuning Control Panel Applet
Corel Paint Shop Pro X
Easy-WebPrint
ERUNT 1.1j
Flip Words 2
Google Update Helper
HangARoo v2.052
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
ImageMixer for HDD Camcorder
Java Auto Updater
Java(TM) 6 Update 20
Malwarebytes Anti-Malware version 1.60.1.1000
Marvell Miniport Driver
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Office XP Professional
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Move Networks Player for Firefox
Mozilla Firefox 10.0.2 (x86 en-US)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero OEM
Office Depot PC Support Agent
OLYMPUS CAMEDIA Master 2.5
OverDrive Media Console
Paint Shop Pro 7
Platform
PowerDVD
Realtek AC'97 Audio
ScanSoft OmniPage SE 4.0
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Snood 4
Snood for Windows version 3.52-W
Snood Slide 2.0
swMSM
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB980182)
VIA Platform Device Manager
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Movie Maker 2.0
WinZip
.
==== Event Viewer Messages From Past Week ========
.
3/9/2012 9:32:53 AM, error: ati2mtag [45062]  - CRT invalid display type
3/9/2012 5:38:46 PM, error: NetBT [4321]  - The name "HOME-S3JRAV5ZCT:20" could not be registered on the Interface with IP address 192.168.1.100. The machine with the IP address 192.168.1.101 did not allow the name to be claimed by this machine.
3/9/2012 5:38:29 PM, error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{7AB98642-97D1-48AC-ACBD-000440B22126} because another computer on the network has the same name.  The server could not start.
3/8/2012 6:48:43 AM, error: Service Control Manager [7023]  - The Application Management service terminated with the following error:  The specified module could not be found.
3/10/2012 10:15:21 AM, error: Service Control Manager [7022]  - The Office Depot PC Support Agent service hung on starting.
.
==== End Of File ===========================

Gale_Tx

checkup.txt
Results of screen317's Security Check version 0.99.31 
Windows XP Service Pack 3 x86   
Internet Explorer 8 
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled! 
AVG 2012     
```````````````````````````````
Anti-malware/Other Utilities Check:

CCleaner     
Java(TM) 6 Update 20 
Java version out of date!
  Adobe Flash Player    10.3.181.14 Flash Player out of Date! 
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (10.0.2)
````````````````````````````````
Process Check: 
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````



Gale_Tx

tdss log.txt

13:19:07.0671 1956   TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
13:19:10.0562 1956   ============================================================
13:19:10.0562 1956   Current date / time: 2012/02/03 13:19:10.0562
13:19:10.0562 1956   SystemInfo:
13:19:10.0562 1956   
13:19:10.0562 1956   OS Version: 5.1.2600 ServicePack: 3.0
13:19:10.0562 1956   Product type: Workstation
13:19:10.0562 1956   ComputerName: HOME-S3JRAV5ZCT
13:19:10.0562 1956   UserName: Gale
13:19:10.0562 1956   Windows directory: C:\WINDOWS
13:19:10.0562 1956   System windows directory: C:\WINDOWS
13:19:10.0562 1956   Processor architecture: Intel x86
13:19:10.0562 1956   Number of processors: 1
13:19:10.0562 1956   Page size: 0x1000
13:19:10.0562 1956   Boot type: Safe boot with network
13:19:10.0562 1956   ============================================================
13:19:13.0250 1956   Initialize success
13:19:39.0453 1196   ============================================================
13:19:39.0453 1196   Scan started
13:19:39.0453 1196   Mode: Manual; TDLFS;
13:19:39.0453 1196   ============================================================
13:19:59.0609 1196   Parport - ok
13:19:59.0640 1196   PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:19:59.0656 1196   PartMgr - ok
13:19:59.0750 1196   ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
13:19:59.0781 1196   ParVdm - ok
13:19:59.0921 1196   PCI             (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
13:19:59.0921 1196   PCI - ok
13:19:59.0984 1196   PCIDump - ok
13:20:00.0093 1196   PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:20:00.0093 1196   PCIIde - ok
13:20:00.0281 1196   Pcmcia          (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:20:00.0281 1196   Pcmcia - ok
13:20:00.0390 1196   PDCOMP - ok
13:20:00.0484 1196   PDFRAME - ok
13:20:00.0609 1196   PDRELI - ok
13:20:00.0718 1196   PDRFRAME - ok
13:20:00.0859 1196   perc2 - ok
13:20:00.0953 1196   perc2hib - ok
13:20:01.0218 1196   PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:20:01.0218 1196   PptpMiniport - ok
13:20:01.0265 1196   Processor       (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
13:20:01.0265 1196   Processor - ok
13:20:01.0421 1196   PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:20:01.0421 1196   PSched - ok
13:20:01.0500 1196   Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:20:01.0500 1196   Ptilink - ok
13:20:01.0578 1196   PxHelp20        (0c8da0a8b0d227319c285e0eae65defd) C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:20:01.0593 1196   PxHelp20 - ok
13:20:01.0687 1196   ql1080 - ok
13:20:01.0750 1196   Ql10wnt - ok
13:20:01.0812 1196   ql12160 - ok
13:20:01.0875 1196   ql1240 - ok
13:20:01.0984 1196   ql1280 - ok
13:20:02.0125 1196   RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:20:02.0125 1196   RasAcd - ok
13:20:02.0250 1196   Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:20:02.0250 1196   Rasl2tp - ok
13:20:02.0359 1196   RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:20:02.0359 1196   RasPppoe - ok
13:20:02.0468 1196   Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:20:02.0468 1196   Raspti - ok
13:20:02.0593 1196   Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:20:02.0593 1196   Rdbss - ok
13:20:02.0703 1196   RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:20:02.0703 1196   RDPCDD - ok
13:20:02.0906 1196   RDPWD           (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
13:20:02.0906 1196   RDPWD - ok
13:20:03.0156 1196   redbook         (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:20:03.0156 1196   redbook - ok
13:20:03.0437 1196   rtl8139 - ok
13:20:03.0640 1196   scsiscan        (089870dab7aa277585c475ae09ee4c63) C:\WINDOWS\system32\DRIVERS\scsiscan.sys
13:20:03.0640 1196   scsiscan - ok
13:20:03.0718 1196   Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:20:03.0718 1196   Secdrv - ok
13:20:03.0875 1196   serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:20:03.0890 1196   serenum - ok
13:20:04.0062 1196   Serial          (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
13:20:04.0062 1196   Serial - ok
13:20:04.0312 1196   Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:20:04.0312 1196   Sfloppy - ok
13:20:04.0437 1196   Simbad - ok
13:20:04.0531 1196   Sparrow - ok
13:20:04.0671 1196   splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:20:04.0671 1196   splitter - ok
13:20:04.0781 1196   sr              (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
13:20:04.0781 1196   sr - ok
13:20:04.0953 1196   Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:20:04.0953 1196   Srv - ok
13:20:05.0093 1196   ssmirrdr        (f843301bdadb2728822c83413ef5f132) C:\WINDOWS\system32\DRIVERS\ssmirrdr.sys
13:20:05.0093 1196   ssmirrdr - ok
13:20:05.0390 1196   swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:20:05.0390 1196   swenum - ok
13:20:05.0437 1196   swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:20:05.0437 1196   swmidi - ok
13:20:05.0531 1196   symc810 - ok
13:20:05.0640 1196   symc8xx - ok
13:20:05.0734 1196   sym_hi - ok
13:20:05.0796 1196   sym_u3 - ok
13:20:05.0953 1196   sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:20:05.0968 1196   sysaudio - ok
13:20:06.0140 1196   Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:20:06.0156 1196   Tcpip - ok
13:20:06.0453 1196   TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:20:06.0453 1196   TDPIPE - ok
13:20:06.0562 1196   TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:20:06.0562 1196   TDTCP - ok
13:20:06.0703 1196   TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:20:06.0703 1196   TermDD - ok
13:20:06.0875 1196   TosIde - ok
13:20:07.0078 1196   TVICHW32        (e266683fc95abdec17cd378564e1b54b) C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
13:20:07.0093 1196   TVICHW32 - ok
13:20:07.0203 1196   Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:20:07.0203 1196   Udfs - ok
13:20:07.0312 1196   ultra - ok
13:20:07.0453 1196   Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:20:07.0453 1196   Update - ok
13:20:07.0593 1196   usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:20:07.0609 1196   usbccgp - ok
13:20:07.0718 1196   usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:20:07.0718 1196   usbehci - ok
13:20:07.0828 1196   usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:20:07.0828 1196   usbhub - ok
13:20:07.0953 1196   usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:20:07.0953 1196   usbprint - ok
13:20:08.0062 1196   usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:20:08.0062 1196   usbscan - ok
13:20:08.0203 1196   USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:20:08.0203 1196   USBSTOR - ok
13:20:08.0343 1196   usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:20:08.0343 1196   usbuhci - ok
13:20:08.0453 1196   USR1801         (a80feb3e2b5bd47d12080439771fdab1) C:\WINDOWS\system32\DRIVERS\USR1801.SYS
13:20:08.0500 1196   USR1801 - ok
13:20:08.0656 1196   VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:20:08.0656 1196   VgaSave - ok
13:20:08.0781 1196   ViaIde - ok
13:20:08.0953 1196   viamraid        (f199939205dccc7836ae5ab8b5dd5e83) C:\WINDOWS\system32\DRIVERS\viamraid.sys
13:20:08.0968 1196   viamraid - ok
13:20:09.0031 1196   VolSnap         (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
13:20:09.0031 1196   VolSnap - ok
13:20:09.0312 1196   Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:20:09.0312 1196   Wanarp - ok
13:20:09.0343 1196   WDICA - ok
13:20:09.0500 1196   wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:20:09.0500 1196   wdmaud - ok
13:20:09.0906 1196   WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
13:20:09.0921 1196   WpdUsb - ok
13:20:10.0171 1196   WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:20:10.0203 1196   WudfPf - ok
13:20:10.0296 1196   WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:20:10.0296 1196   WudfRd - ok
13:20:10.0484 1196   yukonwxp        (b29e7a2e211494ac05c2575d4725497a) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
13:20:10.0500 1196   yukonwxp - ok
13:20:10.0625 1196   MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:20:10.0875 1196   \Device\Harddisk0\DR0 - ok
13:20:10.0937 1196   Boot (0x1200)   (25270752a08117663c6617c176dda1f2) \Device\Harddisk0\DR0\Partition0
13:20:10.0953 1196   \Device\Harddisk0\DR0\Partition0 - ok
13:20:11.0031 1196   ============================================================
13:20:11.0031 1196   Scan finished
13:20:11.0031 1196   ============================================================
13:20:11.0093 0732   Detected object count: 0
13:20:11.0093 0732   Actual detected object count: 0
13:22:34.0718 1000   Deinitialize success


MBAM scan

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.14.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Gale :: HOME-S3JRAV5ZCT [administrator]

3/14/2012 2:38:39 PM
mbam-log-2012-03-14 (14-38-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197981
Time elapsed: 5 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Corrine

Thank you, Gale. 

Please follow these instructions carefully.

Download ComboFix from one of the following locations:

Link 1
Link 2

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with the cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.

Note:  If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum:  How to disable your security applications.

Now, please run ComboFix:

  • Note:  If infections are found, ComboFix will automatically reboot the machine to complete the removal process.  Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts.
  • As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


  • After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click "Yes" to continue scanning for malware.

  • When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Gale_Tx

Corrine, I've run ComboFix after disabling security apps.  A little black screen comes up, goes real fast and stops.  I can't for the life of me find C:\ComboFix.txt.  I didn't get either of the popups you referenced either.  It just did its thing and zooooom it was gone.

Advice??????

Corrine

Actually, it definitely doesn't sound like it did its thing.  Please try in Safe Mode. 

  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu will appear. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe Mode.
  • Log in on your usual account.



Gale_Tx

I don't mean to sound dense, but what do I do when I get to safe mode?  Whatever it is I'll do tomorrow.  Right now I'm going to put myself in safe mode in my bed.  Good night.

Corrine

Hi, Gale.

Even though you disabled AVG, it is most likely still interfering with the running of ComboFix.  What I want you to do is to run ComboFix in Safe Mode.  The other alternative is to uninstall AVG, restart your computer and then run ComboFix.



Gale_Tx

I think you're right, Corrine......... Hold my coat, I'm going in.   

Gale_Tx

Yay!  I did it.  I'm so proud of myself.  Combo said I didn't have MS Recovery disk, so I had to shut down and go to safemode networking or something like that.  It deleted a lot of stuff.  :thud:   Anyway, Combo downloaded it and here are the results:

ComboFix 12-03-14.01 - Gale 03/15/2012  12:55:27.5.1 - x86 NETWORK
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2047.1769 [GMT -5:00]
Running from: c:\documents and settings\Gale\Desktop\ComboFix.exe
AV: AVG Anti-Virus 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP
c:\documents and settings\Gale\Desktop\Scanner.lnk
c:\documents and settings\Gale\WINDOWS
c:\program files\Program Files
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\DellSTFetch.dll
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\English\contact.html
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\English\CoreBranding.dll
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\a.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\a1.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\a2.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\cas0.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\cas0a.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\cas1a.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\cas3.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\cas4.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\CCC.css
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\CCC.js
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\CCS-phone.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\Container.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\ea.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\eb.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\IE5.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\Images\banner_PSP.jpg
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\Images\Button\BuyMeBody.jpg
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\Images\Button\BuyMeLeft.jpg
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\Images\Button\BuyMeRight.jpg
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\Images\Circle.jpg
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\Images\contact_us.jpg
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\Images\Frame\Bottom.jpg
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\Images\Frame\BottomRight.jpg
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\Images\Frame\BotttomLeft.jpg
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\Images\Frame\LeftSide.jpg
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\Images\Frame\RightSide.jpg
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\Images\Frame\Top.jpg
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\Images\Frame\TopLeft.jpg
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\Images\Frame\TopRight.jpg
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\Images\register.jpg
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\P1b.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\Presetup.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\RegCCSphone.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\regOffer.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\regOffline.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\td1b.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\td2b.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\up1b.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\up2b.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\up3b.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\up4b.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\up5b.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\upb.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\UPpm.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PCUUI\English\UPpm1.htm
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PhotoServices\English\Ofoto.PhotoService
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PhotoServices\English\PhotoBox.PhotoService
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PhotoServices\English\Shutterfly.PhotoService
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PhotoServices\msvcp60.dll
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PhotoServices\msvcrt.dll
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PhotoServices\orca22.dll
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PhotoServices\orcacm22.dll
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\PhotoServices\sfUpload.dll
c:\program files\Program Files\Corel\Corel Paint Shop Pro X\WMILocGt.dll
c:\windows\EventSystem.log
c:\windows\IsUn0407.exe
c:\windows\system32\Cache
c:\windows\system32\Cache\1e71bcbe1f682129.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\bbf5576a4594f236.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\PowerToyReadme.htm
c:\windows\system32\SET115.tmp
c:\windows\system32\SET118.tmp
c:\windows\system32\SET11E.tmp
c:\windows\system32\setb4.tmp
c:\windows\system32\SETCA.tmp
c:\windows\system32\SETDC.tmp
c:\windows\system32\Thumbs.db
.
.
(((((((((((((((((((((((((   Files Created from 2012-02-15 to 2012-03-15  )))))))))))))))))))))))))))))))
.
.
2012-03-15 00:15 . 2011-08-09 21:33   3840   ----a-w-   c:\windows\system32\drivers\BANTExt.sys
2012-03-13 13:38 . 2012-03-14 15:37   --------   d-----w-   c:\program files\trend micro
2012-03-13 13:34 . 2012-03-13 13:35   --------   d-----w-   c:\program files\ERUNT
2012-03-13 13:25 . 2012-03-13 13:25   --------   d-----w-   c:\documents and settings\Gale\Application Data\SUPERAntiSpyware.com
2012-03-13 13:25 . 2012-03-13 13:25   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-03-10 16:16 . 2012-01-11 19:06   3072   -c----w-   c:\windows\system32\dllcache\iacenc.dll
2012-03-10 16:16 . 2012-01-11 19:06   3072   ------w-   c:\windows\system32\iacenc.dll
2012-03-10 16:10 . 2012-03-10 16:10   --------   d-----w-   c:\windows\system32\wbem\Repository
2012-03-10 15:56 . 2012-03-10 16:13   --------   d-----w-   c:\program files\Office Depot PC Support Agent
2012-03-01 16:16 . 2012-03-10 16:01   --------   d-----w-   c:\program files\MagicTune Premium
2012-02-27 21:19 . 2012-02-27 21:19   --------   d-----w-   c:\documents and settings\Gale\Application Data\Leadertech
2012-02-16 07:24 . 2012-02-16 07:24   --------   d-sh--w-   c:\documents and settings\Default User\IETldCache
2012-02-16 03:35 . 2012-03-10 00:53   --------   dc-h--w-   c:\windows\ie8
2012-02-15 19:34 . 2012-03-12 18:15   134104   ----a-w-   c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-02-15 19:34 . 2012-03-12 18:15   2106216   ----a-w-   c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-02-15 19:34 . 2012-03-12 18:15   1998168   ----a-w-   c:\program files\Mozilla Firefox\d3dx9_43.dll
2012-02-15 19:34 . 2012-03-12 18:15   97240   ----a-w-   c:\program files\Mozilla Firefox\libEGL.dll
2012-02-15 19:34 . 2012-03-12 18:15   801752   ----a-w-   c:\program files\Mozilla Firefox\mozsqlite3.dll
2012-02-15 19:34 . 2012-03-12 18:15   626688   ----a-w-   c:\program files\Mozilla Firefox\msvcr80.dll
2012-02-15 19:34 . 2012-03-12 18:15   548864   ----a-w-   c:\program files\Mozilla Firefox\msvcp80.dll
2012-02-15 19:34 . 2012-03-12 18:15   479232   ----a-w-   c:\program files\Mozilla Firefox\msvcm80.dll
2012-02-15 19:34 . 2012-03-12 18:15   45016   ----a-w-   c:\program files\Mozilla Firefox\mozutils.dll
2012-02-15 19:34 . 2012-03-12 18:15   437208   ----a-w-   c:\program files\Mozilla Firefox\libGLESv2.dll
2012-02-15 19:34 . 2012-03-12 18:15   1911768   ----a-w-   c:\program files\Mozilla Firefox\mozjs.dll
2012-02-15 19:34 . 2012-03-12 18:15   15832   ----a-w-   c:\program files\Mozilla Firefox\mozalloc.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-03 09:22 . 2004-08-04 12:00   1860096   ----a-w-   c:\windows\system32\win32k.sys
2012-01-09 16:20 . 2005-07-29 22:59   139784   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
2011-12-17 19:46 . 2004-08-04 12:00   916992   ----a-w-   c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2004-08-04 12:00   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2004-08-04 12:00   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
2007-05-10 22:26 . 2007-05-10 22:26   767696   -c--a-w-   c:\program files\BootDisk.exe
2012-03-12 18:15 . 2012-02-15 19:34   134104   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-12 16:54   1869152   ----a-w-   c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-12 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-02-18 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 1191936]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-12 982880]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Gale\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\PopCap Games\\BookWorm Deluxe\\BookWorm.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Support.com\\bin\\tgcmd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2/22/2011 8:13 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [3/16/2011 4:03 PM 32592]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [4/5/2011 12:59 AM 295248]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 6:41 AM 230608]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 7:25 AM 4433248]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 7:09 AM 192776]
S2 Office Depot PC Support Agent;Office Depot PC Support Agent;c:\program files\Office Depot PC Support Agent\esService.exe [11/10/2011 2:15 AM 924568]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [3/12/2012 11:54 AM 918880]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [4/14/2011 9:28 PM 134608]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2/10/2011 7:53 AM 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2/10/2011 7:53 AM 16720]
S3 epstw2k;SCM Parallel Port SCSI Driver;c:\windows\system32\drivers\epstw2k.sys [8/17/2001 8:50 AM 114944]
S3 PortTalk;PortTalk;c:\windows\system32\drivers\PortTalk.sys [2/4/2012 10:12 AM 3567]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [7/10/2006 9:15 PM 11520]
S3 ssmirrdr;ssmirrdr;c:\windows\system32\drivers\ssmirrdr.sys [3/15/2011 12:11 AM 10112]
S3 USR1801;U.S. Robotics Faxmodem Driver 1801;c:\windows\system32\drivers\USR1801.SYS [7/29/2005 12:12 PM 794654]
S4 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [7/11/2011 3:33 PM 167264]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/25/2011 9:27 AM 136176]
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-15 c:\windows\Tasks\User_Feed_Synchronization-{2C2155DD-F9E5-49C8-B53C-4CE92333E1CE}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 10:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\documents and settings\Gale\Application Data\Mozilla\Firefox\Profiles\zprp9nem.default\
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-CCleaner - c:\documents and settings\Gale\Desktop\CCleaner\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-15 13:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-03-15  13:02:56
ComboFix-quarantined-files.txt  2012-03-15 18:02
.
Pre-Run: 41,491,243,008 bytes free
Post-Run: 41,808,093,184 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 94149852125211176E32EA485394DDE3